def main():
render_tv(
render_args(),
'sapling_generators',
(
('skb', '[u8; 32]'),
('pkb', '[u8; 32]'),
('npb', '[u8; 32]'),
('wprb', '[u8; 32]'),
('vcvb', '[u8; 32]'),
('vcrb', '[u8; 32]'),
('pb0', '[u8; 32]'),
('pb1', '[u8; 32]'),
('pb2', '[u8; 32]'),
('pb3', '[u8; 32]'),
),
{
'skb': bytes(SPENDING_KEY_BASE),
'pkb': bytes(PROVING_KEY_BASE),
'npb': bytes(NOTE_POSITION_BASE),
'wprb': bytes(WINDOWED_PEDERSEN_RANDOMNESS_BASE),
'vcvb': bytes(VALUE_COMMITMENT_VALUE_BASE),
'vcrb': bytes(VALUE_COMMITMENT_RANDOMNESS_BASE),
'pb0': bytes(PEDERSEN_BASES[0]),
'pb1': bytes(PEDERSEN_BASES[1]),
'pb2': bytes(PEDERSEN_BASES[2]),
'pb3': bytes(PEDERSEN_BASES[3]),
},
)
def main():
args = render_args()
from random import Random
rng = Random(0xabad533d)
def randbytes(l):
ret = []
while len(ret) < l:
ret.append(rng.randrange(0, 256))
return bytes(ret)
rj = RedJubjub(SPENDING_KEY_BASE, randbytes)
test_vectors = []
for i in range(0, 10):
sk = rj.gen_private()
vk = rj.derive_public(sk)
alpha = rj.gen_random()
rsk = rj.randomize_private(sk, alpha)
rvk = rj.randomize_public(vk, alpha)
M = bytes([i] * 32)
sig = rj.sign(sk, M)
rsig = rj.sign(rsk, M)
assert rj.verify(vk, M, sig)
assert rj.verify(rvk, M, rsig)
assert not rj.verify(vk, M, rsig)
assert not rj.verify(rvk, M, sig)
test_vectors.append({
'sk': bytes(sk),
'vk': bytes(vk),
'alpha': bytes(alpha),
'rsk': bytes(rsk),
'rvk': bytes(rvk),
'm': M,
'sig': sig,
'rsig': rsig,
})
render_tv(
args,
'sapling_signatures',
(
('sk', '[u8; 32]'),
('vk', '[u8; 32]'),
('alpha', '[u8; 32]'),
('rsk', '[u8; 32]'),
('rvk', '[u8; 32]'),
('m', '[u8; 32]'),
('sig', '[u8; 64]'),
('rsig', '[u8; 64]'),
),
test_vectors,
)
def main():
args = render_args()
def hardened(i):
return i + (1 << 31)
seed = bytes(range(32))
m = ExtendedSpendingKey.master(seed)
m_1 = m.child(1)
m_1_2h = m_1.child(hardened(2))
m_1_2hv = m_1_2h.to_extended_fvk()
m_1_2hv_3 = m_1_2hv.child(3)
test_vectors = [{
'ask': Some(bytes(k.ask())) if k.is_xsk() else None,
'nsk': Some(bytes(k.nsk())) if k.is_xsk() else None,
'ovk': k.ovk(),
'dk': k.dk(),
'c': k.c(),
'ak': bytes(k.ak()),
'nk': bytes(k.nk()),
'ivk': bytes(k.ivk()),
'xsk': Some(bytes(k)) if k.is_xsk() else None,
'xfvk': bytes(k.to_extended_fvk()),
'fp': k.fingerprint(),
'd0': option(k.diversifier(0)),
'd1': option(k.diversifier(1)),
'd2': option(k.diversifier(2)),
'dmax': option(k.diversifier((1 << 88) - 1)),
} for k in (m, m_1, m_1_2h, m_1_2hv, m_1_2hv_3)]
render_tv(
args,
'sapling_zip32',
(
('ask', 'Option<[u8; 32]>'),
('nsk', 'Option<[u8; 32]>'),
('ovk', '[u8; 32]'),
('dk', '[u8; 32]'),
('c', '[u8; 32]'),
('ak', '[u8; 32]'),
('nk', '[u8; 32]'),
('ivk', '[u8; 32]'),
('xsk', 'Option<[u8; 169]>'),
('xfvk', '[u8; 169]'),
('fp', '[u8; 32]'),
('d0', 'Option<[u8; 11]>'),
('d1', 'Option<[u8; 11]>'),
('d2', 'Option<[u8; 11]>'),
('dmax', 'Option<[u8; 11]>'),
),
test_vectors,
)
def main():
args = render_args()
test_vectors = []
for i in range(0, 10):
sk = SpendingKey(bytes([i] * 32))
note_v = (2548793025584392057432895043257984320 * i) % 2**64
note_r = Fr(8890123457840276890326754358439057438290574382905).exp(i +
1)
note_cm = note_commit(note_r,
leos2bsp(bytes(diversify_hash(sk.default_d()))),
leos2bsp(bytes(sk.default_pkd())), note_v)
note_pos = (980705743285409327583205473820957432 * i) % 2**MERKLE_DEPTH
note_nf = note_nullifier(sk.nk(), note_cm, Fr(note_pos))
test_vectors.append({
'sk': sk.data,
'ask': bytes(sk.ask()),
'nsk': bytes(sk.nsk()),
'ovk': sk.ovk(),
'ak': bytes(sk.ak()),
'nk': bytes(sk.nk()),
'ivk': bytes(sk.ivk()),
'default_d': sk.default_d(),
'default_pk_d': bytes(sk.default_pkd()),
'note_v': note_v,
'note_r': bytes(note_r),
'note_cmu': bytes(note_cm.u),
'note_pos': note_pos,
'note_nf': note_nf,
})
render_tv(
args,
'sapling_key_components',
(
('sk', '[u8; 32]'),
('ask', '[u8; 32]'),
('nsk', '[u8; 32]'),
('ovk', '[u8; 32]'),
('ak', '[u8; 32]'),
('nk', '[u8; 32]'),
('ivk', '[u8; 32]'),
('default_d', '[u8; 11]'),
('default_pk_d', '[u8; 32]'),
('note_v', 'u64'),
('note_r', '[u8; 32]'),
('note_cmu', '[u8; 32]'),
('note_pos', 'u64'),
('note_nf', '[u8; 32]'),
),
test_vectors,
)
def main():
args = render_args()
from random import Random
rng = Random(0xabad533d)
def randbytes(l):
ret = []
while len(ret) < l:
ret.append(rng.randrange(0, 256))
return bytes(ret)
rand = Rand(randbytes)
consensusBranchId = 0x76b809bb # Sapling
test_vectors = []
for _ in range(10):
tx = Transaction(rand, SAPLING_TX_VERSION)
scriptCode = Script(rand)
nIn = rand.u8() % (len(tx.vin) + 1)
if nIn == len(tx.vin):
nIn = NOT_AN_INPUT
nHashType = SIGHASH_ALL if nIn == NOT_AN_INPUT else rand.a([
SIGHASH_ALL,
SIGHASH_NONE,
SIGHASH_SINGLE,
SIGHASH_ALL | SIGHASH_ANYONECANPAY,
SIGHASH_NONE | SIGHASH_ANYONECANPAY,
SIGHASH_SINGLE | SIGHASH_ANYONECANPAY,
])
amount = rand.u64() % (MAX_MONEY + 1)
sighash = signature_hash(
scriptCode,
tx,
nIn,
nHashType,
amount,
consensusBranchId,
)
test_vectors.append({
'tx': bytes(tx),
'script_code': scriptCode.raw(),
'transparent_input': nIn,
'hash_type': nHashType,
'amount': amount,
'consensus_branch_id': consensusBranchId,
'sighash': sighash,
})
render_tv(
args,
'zip_0243',
(
('tx', {
'rust_type': 'Vec<u8>',
'bitcoin_flavoured': False
}),
('script_code', 'Vec<u8>'),
('transparent_input', {
'rust_type': 'Option<u32>',
'rust_fmt': lambda x: None if x == -1 else Some(x),
}),
('hash_type', 'u32'),
('amount', 'i64'),
('consensus_branch_id', 'u32'),
('sighash', '[u8; 32]'),
),
test_vectors,
)
def main():
args = render_args()
from random import Random
rng = Random(0xabad533d)
def randbytes(l):
ret = []
while len(ret) < l:
ret.append(rng.randrange(0, 256))
return bytes(ret)
ne = SaplingNoteEncryption(randbytes)
test_vectors = []
for i in range(0, 10):
sk = SpendingKey(bytes([i] * 32))
pk_d = sk.default_pkd()
g_d = diversify_hash(sk.default_d())
np = SaplingNotePlaintext(
sk.default_d(),
100000000 * (i+1),
Fr(8890123457840276890326754358439057438290574382905).exp(i+1),
b'\xf6' + b'\x00'*511)
cv = VALUE_COMMITMENT_VALUE_BASE * Fr(np.v) + VALUE_COMMITMENT_RANDOMNESS_BASE * np.rcm
cm = note_commit(
np.rcm,
leos2bsp(bytes(g_d)),
leos2bsp(bytes(pk_d)),
np.v)
(
esk, epk,
shared_secret,
k_enc, p_enc, c_enc,
ock, op, c_out,
) = ne.encrypt(np, pk_d, g_d, cv, cm, sk.ovk())
test_vectors.append({
'ovk': sk.ovk(),
'ivk': bytes(sk.ivk()),
'default_d': sk.default_d(),
'default_pk_d': bytes(sk.default_pkd()),
'v': np.v,
'rcm': bytes(np.rcm),
'memo': np.memo,
'cv': bytes(cv),
'cmu': bytes(cm.u),
'esk': bytes(esk),
'epk': bytes(epk),
'shared_secret': bytes(shared_secret),
'k_enc': k_enc,
'p_enc': p_enc,
'c_enc': c_enc,
'ock': ock,
'op': op,
'c_out': c_out,
})
render_tv(
args,
'sapling_note_encryption',
(
('ovk', '[u8; 32]'),
('ivk', '[u8; 32]'),
('default_d', '[u8; 11]'),
('default_pk_d', '[u8; 32]'),
('v', 'u64'),
('rcm', '[u8; 32]'),
('memo', '[u8; 512]'),
('cv', '[u8; 32]'),
('cmu', '[u8; 32]'),
('esk', '[u8; 32]'),
('epk', '[u8; 32]'),
('shared_secret', '[u8; 32]'),
('k_enc', '[u8; 32]'),
('p_enc', '[u8; 564]'),
('c_enc', '[u8; 580]'),
('ock', '[u8; 32]'),
('op', '[u8; 64]'),
('c_out', '[u8; 80]'),
),
test_vectors,
)